39 Cards in this Set
S3 Info & Limits (1/4)
100 S3 buckets
unlimited objects
name restriction: no uppercase, start with a letter, 3-63 chars
object size minimum 0 bytes and max 5TB
5Gb+ requires multipart upload
stop and restart uploads
call CompleteMultipartUpload to reassemble the file
S3 Info & Limits (2/4)
Names are sorted lexicographically
use random names to increase performance
requests over 100 per second should not use sequential names
Objects are stored across multiple partitions in the index
S3 Info & Limits (3/4)
Static website hosting by: CloudFormation, API, or console
Need to specify index doc, error doc, redirects to other hostnames
Route 53: bucket name must match domain name (even aliases)
every bucket receives a customer URL (.s3-website-.amazonaws.com)
S3 error codes
404 not found – content does not exist in bucket
403 forbidden – do not have permission on bucket
400 bad request – invalid bucket state
409 conflict – trying to delete a non-empty bucket
500 internal server error – internal issue with S3
S3 Info & Limits (4/4)
Buckets cannot be transferred
bucket policies can only be 20kb in size
IAM policies are account level, manage access based on user
ACLs are cross account
AWS gives full permission to the bucket owner
even the owner will be denied if they do not have permission to put an object from IAM or bucket policies
an explicit deny overrides an allow
permissions are applied to S3 ARNs
to encrypt, add the request header x-amz-server-side-encryption to the request during upload
DynamoDB (1/4)
Fully managed NoSQL – create a new table and scale read capacity up or down without any downtime
performance is controlled through provisioned throughput
data and traffic are automatically spread over servers to handle any amount of request capacity
all data stored on SSDs and replicated across multiple AZs automatically
DynamoDB (2/4)
Used through the console or API
build in fault tolerance with synchronous replication
flexible data model through attributes and items
strong consistency and atomic counters
pay for what you use
performance monitoring through the AWS console
integrates with AWS big data services such as MapReduce and RedShift
scalable, no limit on the amount of storage
DynamoDB (3/4)
Provisioned Throughput – specify read and write throughput capacity at table creation
Automatically allocates sufficient servers to handle the specified load
throughput can be changed at any time
Does not allow cross table joins (NoSQL)
256 tables per region (can be increased)
range primary key value 1024
hash primary key value 2048
item size, 64kb
5 local secondary indexes per table
5 global secondary indexes per table
DynamoDB (4/4)
Hash Index – indexes with primary key attributes
Hash primary key – a value that uniquely identifies each item in a particular table
Hash and range primary key – a pair of items that together form a unique identifier for each item in a particular table
Secondary indexes – a data structure that contains a subset of attributes of the table, along with an alternate key; queries are no longer restricted to the table primary key, and a table can have multiple secondary indexes
Local secondary index – Same hash key as the table but a different range key; local because the scope stays within the same hash key partition as the table
Global secondary index – hash and range key are different than that of the table therefore queries on the index can span all data on the table across partitions
DynamoDB Conditional writes
to avoid errors where multiple people are updating information, a conditional write is an update that is only performed if the current attribute of the item meets the specified condition, i.e. you can test to ensure it is still the value you expect and another user has not already updated it
DynamoDB Atomic counters
Atomic counters allow you to increment or decrement the value of an existing attribute without interfering with other write requests
all write requests are applied in the order received
use UpdateItem to increment or decrement an attribute value
DynamoDB Strongly consistent vs eventually consistent
Data is eventually consistent because DynamoDB maintains multiple copies of an item to ensure durability; however, if you do an immediate read after a write you may not get the most recent data
You can specify a strongly consistent read to receive the most up to date version (however it uses additional read capacity units)
DynamoDB Provisioned Throughput
Unit of read capacity is 1 strongly consistent read per second or two eventually consistent reads for items as large as 4kb
unit of write capacity is 1 write per second for items up to 1kb
When calculating read capacity units, item sizes are rounded to the nearest 4kb
DynamoDB Authentication
for temporary access using the AWS IAM Security Token Service you can use identity providers such as Facebook, Google etc. Create a role for each identity provider you plan to use in your app. In the code, use the AssumeRoleWithWebIdentity call to request temporary AWS security credentials by passing the identity provider token and specifying the ARN of the IAM role. The app can now use the temporarily cached credentials to access resources
DynamoDB Queries
Query – allows you to search only primary key values and secondary index keys; efficient as it searches the index only; by default eventually consistent; returns all item attributes
Scans – reads every item in the table and is inefficient; a filter can be applied to the results received
Scan negatives include: the larger the data the slower the performance, the more filters the slower, and only eventually consistent reads are available
SQS (Simple Queue Service)
Scalable messaging system – used to store messages between different components in an application; stores messages that are generated by one component to be consumed by another
used to loosely decouple your app architecture
advantages include allowing easy elasticity for scaling and protection against lost processes if a component fails
Guarantees delivery of each message at least once
does not guarantee the delivery order
SQS Features
Delay Queues – delivery of messages is delayed by an amount of time
Access control – control who can send and receive
Redundant infrastructure – guarantees delivery of messages at least once
SQS locks messages during processing so you can use multiple readers and writers
message size can be variable, up to a max of 256kb; for larger messages attach instructions to access data stored in DynamoDB or Amazon S3
SQS Flow
messages received are redundantly distributed
when a message is retrieved from the queue it remains in the queue, however it is not visible or returned to others for the duration of the visibility timeout
once the message has been processed the message is deleted to ensure it is not processed again
Short polling – a subset of SQS servers are polled for messages; continuous short polling should occur if you have received all messages
Long polling – reduces the number of empty responses when polling a queue; allows SQS to wait until a message is available before responding
unless the connection times out, a long polling response will contain at least 1 message
reduces the amount of request and therefore costs
SQS figures
Messages up to 256kb
Delay Queues – amount of time to delay the first message of all the messages in the queue (min 0 seconds, max 15 minutes)
Message retention period – amount of time a message will live in a queue if not deleted (minimum 1 minute, max 14 days)
visibility timeout – number of seconds that a message received from a queue is invisible to other components polling SQS (min 0 seconds, max 12 hours)
receive message wait time – if set to a value greater than 0 then long polling is enabled
up to 120000 in-flight messages
SNS (Simple Notification Service) (1/3)
Fast and managed push messaging service
integrated with AWS services in order to send alerts and notifications
Services that use SNS – CloudWatch, S3 RRS, RDS Notification of change, plus others
SNS sends messages to end points including – HTTPS, HTTP, SMS, Email, Email JSON, Amazon SQS, Application
SNS (Simple Notification Service) (2/3)
SNS should be used for automation, distributed systems, and notification of events and alarms
How it works – when something is triggered, a notification is sent to an SNS topic; the SNS topic sends the notification to a designated end point; the end point takes the notification information and creates a new object to replicate the lost object; no human interaction is involved
SNS (Simple Notification Service) (3/3)
SNS is used to send out emails and SMS messages to subscribers
can offer SNS services to your customers
use SNS to push notifications to mobile devices, works with APNS (apple push notification service), GCM (google cloud messaging for android), ADM (Amazon Device Messaging)
SNS Push Notifications (1/2)
Provides the ability to send notifications directly to apps on mobile devices
notifications go to mobile end points and appear as message alerts, badge updates, sound alerts
Setup Process – 1: Requires a device token or registration ID (Apple, Google etc); this is received from the notification service when the application is registered
2: tokens will be unique for each app and mobile device
3: AWS SNS uses the token to create a mobile endpoint
4: register your app with SNS by providing App ID info and the specific credentials required by the push notification service
5: add the returned device tokens (registration IDs) to SNS to create mobile end points; you can add them manually, migrate from CSV, call CreatePlatformEndpoint, or register tokens from devices that will install the app in the future
SNS Push Notifications (2/2)
You can send push notification at the same time to all devices or different message to each platform
SNS API details
ChangeMessageVisibility – change visibility of a single message
Change a queue default visibility timeout with SetQueueAttributes – VisibilityTimeout attribute
Enable long polling on a queue – SetQueueAttributes – ReceiveMessageWaitTimeSeconds (greater than 0) attribute
Enable delay queue with SetQueueAttributes – DelaySeconds attribute
SQS Common API calls
GetQueueAttributes – get all attributes for a specific queue
ChangeMessageVisibilityBatch – extend or terminate the visibility timeout for up to 10 messages at a time
DeleteMessageBatch – Delete multiple messages in a single call
GetQueueUrl – returns the URL for an existing queue. Do not hard code a queue URL; use this call, as AWS can change the URL of a queue
SQS SDKS
SDKs perform the signature requirement automatically; they also provide easy to use methods for communicating with the AWS API.
Cloudformation (1/4)
Allows you to create and provision resources in a reusable template fashion
you can source control your infrastructure by building templates that enable you to create and delete resources on demand
built using JSON syntax
Cloudformation template is made up of 6 sections : Template Declaration, Parameters, Mappings, Conditions, Resources, Outputs
Cloudformation (2/4)
Template format declaration is optional
template description declaration is also optional, but must follow the AWSTemplateFormatVersion if it exists
Parameters: allows you to define what values can be passed at creation time
Mappings: allows you to set specific values based on a mapping
Conditions: compare values; if the condition is met, launch specific resources, i.e. prod vs dev
Resources: only mandatory section. AWS resources used in the stack are declared, example EC2 and S3 etc
Outputs: return values back to the user
Cloudformation (3/4)
Intrinsic Functions – functions used to pass values that are not available until runtime, i.e. determine the IP of an EC2 instance that is created
Examples: Fn::FindInMap – returns the value of a key from a mapping
Fn::GetAtt – returns the attribute value of a resource
Fn::Join – concatenation of elements
Ref – returns a resource or value based on a logical name or parameter
Fn::GetAZs – get the AZs where you can create cloud formation stacks
Cloudformation (4/4)
If a stack fails to create a resource, by default the stack will roll back
rollback is the removal of one or more stacks after a failed stack creation or after an explicitly canceled stack creation
AWS allows 20 cloudformation stacks per region (can be increased)
Cloudformation allows you to declare cloud-init scripts for EC2 resources
you can use regular expressions in certain declarations
SWF (Simple Work Flow Service) (1/4)
Is a task coordination and state management service for cloud applications
It is distributed and highly available, works with on-premise and cloud, a workflow can consist of human events, a workflow execution can last up to 1 year, guaranteed order of events
SWF (Simple Work Flow Service) (2/4)
Domains: used to help determine the scope of work flows
multiple workflows can live inside a domain
workflows cannot interact with workflows in other domains
Activity worker: process that performs an activity that is part of the workflow
activity workers poll SWF for new tasks
After receiving a task the activity worker will process the task as it is instructed and report back to SWF
workers can consist of a server on EC2 or on-premise; a human worker can also be used to process the task and report back to SWF
SWF (Simple Work Flow Service) (3/4)
Tasks, Activity Tasks: assigned to a worker, such as encode video etc
decision tasks tell the decider that the state of the workflow execution has changed
allows the decider to determine what the next activity is
decision tasks occur whenever the state of the workflow changes (task complete)
SQS vs SWF
both are used to create distributed systems
both allow each component to be scaled separately
SQS is best effort for message order and can have duplicates
SWF guarantees execution order and uses deciders for the next steps
SWF can have human tasks
SQS messages live up to 14 days, SWF up to a year
SWF allows for synchronous or asynchronous distributed processing
ELB Session State
ELB Session stickiness, enable load balancer generated cookie stickiness, duration based session stickiness.
ELB can check to see if a cookie is present, then whether it is valid or not; if it is valid it can send the request to the defined instance, if not it can issue or re-generate a cookie and send the request to an instance.
Cookie is automatically updated after its duration expires
Message Data (1/3)
When a message is sent, it is posted to the subscriber endpoint with a set of key/value pairs in JSON format
this allows developers to grab the data and parse it in any way needed
this allows developers to verify the authenticity of the message
this POST message is sent to the subscriber end point
Message Data (2/3)
Message: message value specified when the notification was published to the topic
MessageID – unique identifier for each message published; the same ID must be used for retries
Signature – Base64 encoded SHA1withRSA signature of the message, MessageID, subject, Type, Timestamp, and TopicArn value
SignatureVersion – version of the AWS SNS signature used
SigningCertURL – the URL to the certificate that was used to sign the message
Subject – Subject parameter specified when publishing the topic
Timestamp – the time (GMT) when the topic was published
TopicArn – Amazon Resource Name for the topic that this message was published to
Type – generally notification if the message was a notification
UnsubscribeURL – URL where the receiving user can unsubscribe from the topic
STS (Security Token Service)
Allows you to grant a trusted user temporary and limited access to AWS resources
Federation – grant temp access to users on a corporate network without creating IAM credentials for each user
SSO allows federated users to login to the AWS console without having IAM users defined
Federation for mobile apps: use Facebook etc to authenticate mobile app users and grant them temporary access
cross-account access: lets an IAM user in one account access resources in another
Terms – Federation: federating a list of domain users with a separate list of users in another domain
Identity Broker: A service that allows you to take an identity from point a and federate it to another identity at point b
Identity store: facebook, AD, google etc
Identities: a user or identity within a service